The minimum-credible posture for putting an OpenClaw deployment somewhere it might be reached. 12 checks before you flip the switch.
Not a CVE tracker. The patterns to actually do (and not do) when self-hosting an agent runtime with a third-party plugin marketplace. The 12-item checklist hardens your install, the trust-signals page tells you what to look for in plugins, the practical-patterns page covers the eight failure modes you'll meet, and the "what NOT to build" page is the counter-intuitive list of jobs better served by simpler tools.
6.1 sourced 2026-05-07
6.2 sourced 2026-05-07
What we look for when sampling a plugin or skill before using it. The signals that separate a credible community contribution from one that should worry you.
6.3 sourced 2026-05-07
Common classes of issue you'll meet building agents — described in plain English with mitigation patterns. Not a CVE tracker; the patterns that show up across deployments.
6.4 sourced 2026-05-07
Counter-intuitive guidance — agentic isn't always the right shape. A list of jobs that look agentic but aren't worth the cost / complexity / risk vs simpler approaches.